Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Morris Guestbook v1
From: luny () youfucktard com
Date: 26 May 2006 00:29:25 -0000
Homepage: 
http://www.tuttophp.altervista.org/morrisguest-ing.htm 

Description:
Morris Guestbook is a text-based guestbook with the following features: Data storing on text file, paging of messages 
on screen, words crypting, counting of inserted messages, blockage of messages with both html tags(<>) 

Effected files:
view.php 

An XSS attack is possible due to no filtering of pagina variable: 
http://www.example.com/morrisgbook/view.php?pagina=1[IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))]

-------------------------

http://www.youfucktard.com

  By Date           By Thread  

Current thread:
  • Morris Guestbook v1 luny (May 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]